media: atmel: atmel-isc: fix asd memory allocation

The subsystem will free the asd memory on notifier cleanup, if the asd is
added to the notifier.
However the memory is freed using kfree.
Thus, we cannot allocate the asd using devm_*
This can lead to crashes and problems.
To test this issue, just return an error at probe, but cleanup the
notifier beforehand.

Fixes: 106267444f ("[media] atmel-isc: add the Image Sensor Controller code")

Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

1 files changed, 6 insertions, 2 deletions

diff --git a/drivers/media/platform/atmel/atmel-isc.c b/drivers/media/platform/atmel/atmel-isc.c
index bbcca9dfec26..94cb309fdb52 100644
--- a/drivers/media/platform/atmel/atmel-isc.c
+++ b/drivers/media/platform/atmel/atmel-isc.c
@@ -2169,8 +2169,11 @@ static int isc_parse_dt(struct device *dev, struct isc_device *isc)
                         break;
                 }
 
-                subdev_entity->asd = devm_kzalloc(dev,
-                                     sizeof(*subdev_entity->asd), GFP_KERNEL);
+                /* asd will be freed by the subsystem once it's added to the
+                 * notifier list
+                 */
+                subdev_entity->asd = kzalloc(sizeof(*subdev_entity->asd),
+                                             GFP_KERNEL);
                 if (!subdev_entity->asd) {
                         of_node_put(rem);
                         ret = -ENOMEM;
@@ -2318,6 +2321,7 @@ static int atmel_isc_probe(struct platform_device *pdev)
                                                      subdev_entity->asd);
                 if (ret) {
                         fwnode_handle_put(subdev_entity->asd->match.fwnode);
+                        kfree(subdev_entity->asd);
                         goto cleanup_subdev;
                 }